CN102948128A - Secure node admission in a communication network - Google Patents

Secure node admission in a communication network

Info

Publication number
CN102948128A
Authority
CN
China
Prior art keywords
network
salt
key
request
static keys
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011800312436A
Other languages
Chinese (zh)
Inventor
刘常文
罗纳德·李
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Entropic Communications LLC
Original Assignee
Entropic Communications LLC

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/06 ... for supporting key management in a packet data network
    • H04L 63/061 ... for key exchange, e.g. in peer-to-peer networks
    • H04L 63/062 ... for key distribution, e.g. centrally by trusted party
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0863 ... involving passwords or one-time passwords
    • H04L 9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L 9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3226 ... using a predetermined code, e.g. password, passphrase or PIN
    • H04L 9/3271 ... using challenge-response
    • H04L 12/00 Data switching networks
    • H04L 12/28 ... characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L 12/2803 Home automation networks
    • H04L 12/2838 Distribution of signals within a home automation network, e.g. involving splitting/multiplexing signals to/from different paths
    • H04L 2012/284 Home automation networks characterised by the type of medium used
    • H04L 2012/2847 Home automation networks characterised by the type of home appliance used
    • H04L 2012/2849 Audio/video appliances
    • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L 9/00
    • H04L 2209/80 Wireless
    • H04L 2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L 63/00
    • H04L 2463/061 ... applying further key derivation, e.g. deriving traffic keys from a pair-wise master key

Abstract

A system and method for node admission in a communication network having a network coordinator (NC) and a plurality of associated network nodes. According to various embodiments of the disclosed method and apparatus, key determination in such a network includes a new node (NN) sending the NC a request for a SALT; the NN receiving the SALT from the NC, combining the SALT with its network password to calculate a static key, and submitting an admission request to the NC to request a dynamic key. The SALT can be a random number generated by the NC, and the admission request can be encrypted by the NN using the static key.

Description

Secure node admission in a communication network
Cross-reference to related application
This application claims the benefit of U.S. Patent Application No. 12/820,382, filed June 22, 2010, the contents of which are incorporated herein by reference in their entirety.
Technical field
The disclosed method and apparatus relate generally to communication networks and, more specifically, some embodiments relate to a method and apparatus for generating the keys with which a node is securely admitted to a communication network.
Background
A home network can comprise several types of user equipment configured to provide services to users in the home. These services include delivering multimedia content, for example streaming audio and video, to user equipment over the home network. One example of such a home network is described with reference to Fig. 1. In this example a wired communication medium 100 is shown. In some applications the wired medium can be a coaxial cable system, a powerline system, an optical cable system, an Ethernet cable system or another similar communication medium. In one such embodiment, the communication medium 100 is coaxial cable pre-installed within a residence 101. Alternatively, the communication medium can be a wireless transmission system.
The network comprises a plurality of nodes 102, 103, 104, 105, 106 that communicate with each other according to a network protocol. For the purposes of this example, a network node is any device that can communicate with another device over the network. Communication over the network can be organized according to a network standard, for example the Multimedia over Coax Alliance (MoCA) standard. In one embodiment the communication protocol defined by the network standard specifies a packet-based communication system. In this embodiment a physical layer (PHY) packet comprises a preamble and a payload.
In some embodiments, activity on the network is controlled by a network coordinator (NC) node. In such embodiments, a node selected by a process defined in the communication protocol performs the NC function. In a network that uses an NC, the NC schedules network communications between the network nodes using a Media Access Plan (MAP). The NC also sends beacons, which allow nodes that are not yet part of the network to recognize the network signal and synchronize with the network. The MAP is sent as a packet, and MAP packets are sent at regular intervals. Beacons are also packets sent at regular intervals by the NC. When a new node (NN) requests to join the network, the NC also performs the admission procedure. For the purposes of this disclosure, an NN is defined as a node requesting admission to the network.
The nodes in the network can be associated with various devices. For example, in a system deployed in residence 101, a node can be a network communication module associated with a computer 109, 110. These nodes allow the computers 109, 110 to communicate over the communication medium 100. Alternatively, a node can be a module associated with a television 111 that allows the television to receive and display media content from one or more other network nodes. Another node can be associated with a loudspeaker or other media playback device 103. A node can also be associated with a module configured to interface with an internet or cable service provider 112 and thereby provide, for example, internet access, digital video recording, media streaming or network management services to the residence 101.
Using a network such as the one described above with reference to Fig. 1, multimedia content can be transmitted and shared among various network devices, where the content is presented to the user or stored for later access. As the number of available user services and their popularity have increased, the number of devices connected to each home network has also grown. With the growing number and variety of devices on the network, network security issues become more prevalent. For example, a network may be vulnerable to attack from an external node, such as a node in an adjacent network 118. Encryption has therefore become an increasingly important aspect of network privacy. In privacy-protected networks, key derivation and key management mechanisms are used to support encrypted communication. In MoCA 2.0 networks, for example, the well-known Advanced Encryption Standard (AES) cipher is used to encrypt messages with an encryption key. In MoCA 2.0, AES is the basis of link privacy.
In addition, privacy-protected networks usually control node admission to help ensure privacy. For example, in many secure networks (such as MoCA) node admission is controlled by the NC through an "admission process". Under MoCA 2.0, a MoCA 2.0 NC admits new MoCA 2.0 nodes (that is, NNs). Admission messages in a MoCA 2.0 network are encrypted with one of two static keys. They are called static keys because once the value of a network key has been determined, it remains unchanged. The first of these static keys is called the "AES MAC Management Key" (AMMK). The AMMK is used to encrypt the initial admission messages and the MAC control messages other than link privacy messages. "Link privacy" messages comprise the messages that request a set of dynamic keys and the response messages that deliver the dynamic keys to the requesting node. Dynamic keys are discussed further below. The second static key is called the "AES Privacy Management Key Initial" (APMKInitial). APMKInitial encrypts the link privacy messages transmitted during and after the admission process.
Fig. 2 is a schematic diagram illustrating an embodiment of the admission process by which a node is admitted to a MoCA 2.0 network. In the figure, time advances from top to bottom. Referring now to Fig. 2, when a user wishes to add NN 122 to a network, the user first determines the password of the network to which NN 122 is to be added. This password is then entered directly into NN 122. All nodes in a MoCA 2.0 network share the same network password. The network password is used to derive the keys for node admission and link privacy, as described below.
NN 122 is then connected to the medium used by the network. NN 122 listens for beacon messages 128 sent by the network's NC 124. A beacon message 128 indicates a time slot during which NNs (such as NN 122) may send a "discovery request" 130. A discovery request 130 is a request, sent by NN 122, for information about the network. This information can include the types of devices currently allowed to join the network and an identifying phrase (such as a network name) used to identify the network. Once a beacon message 128 has been received, NN 122 sends the discovery request 130 at the time specified in beacon message 128. In response, NC 124 sends a "discovery response" 132 at a time that NC 124 specifies in the next beacon message 131. Once NN 122 has received the information in discovery response 132, NN 122 may decide to send a request for an admission time slot 134 in another discovery request. The next beacon message 133 indicates the time at which the admission time slot request 134 is to be sent. Alternatively, NN 122 can send the admission time slot request in the first discovery request.
Once NC 124 receives the admission time slot request 134, NC 124 schedules a time for NN 122 to send its admission request. The admission request sent by NN 122 is encrypted using the AMMK static key, which is generated from the network password. In response, NC 124 provides an admission response. NN 122 and NC 124 also exchange additional messages, including probes that help NN 122 and NC 124 establish the channel characteristics between NN 122 and NC 124 and between NN 122 and the other network nodes, and other messages. The result of this message exchange is that NN 122 is admitted to the network.
Once admitted to the network, if privacy is protected, NN 122 must request a pair of dynamic keys. That is, in addition to the two static keys, the MoCA 2.0 protocol also uses two dynamic keys. These keys are called "dynamic" because they change periodically to strengthen the security of the network. The dynamic keys are used to encrypt communication between nodes that have been admitted to the network. In addition, to help update these two dynamic keys, each of them is generated as a pair consisting of an even key and an odd key. Counting both even and odd keys, there are always four dynamic keys at any time, of which only two are used to encrypt and decrypt messages while the other two are continually being updated and staged for activation.
In MoCA 2.0, following the general format defined in MoCA 1.0, the user-entered network password is assumed to be approximately 10 to 17 decimal digits long and is padded to 17 digits with leading zeros. Measured in bits, the effective password length (or strength) is between 40 and 56 bits. The strength of the static keys derived from the user password (that is, AMMK and APMKInitial) is therefore less than the 128 bits used by the AES encryption scheme that generates the static keys. This key weakness exposes many common vulnerabilities, such as precomputation of the possible admission AES keys. This can allow the whole key space to be cracked by brute force, or more probably by a dictionary attack.
One way to improve static key strength is to increase the length of the user password. This is not an optimal approach, however, because long passwords are not easy for users to remember and are relatively difficult to enter. In addition, in some networks it is desirable to preserve backward compatibility of the password format. It is therefore desirable to strengthen the keys used in MoCA networks, and in other networks that have this weakness, without increasing the password length.
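The precomputation weakness described above, as an added example that is not part of the patent: when the static key depends on the password alone, an attacker who knows the derivation can build a password-to-key dictionary once, before ever seeing a target, and reuse it against every network. Once a per-network 96-bit SALT enters the derivation, that table no longer matches and would have to be rebuilt after the SALT is observed, separately for each network. The caveat a practitioner should keep in mind is that the SALT is public: it does not add secret entropy against on-line guessing of one network's password, it removes cross-network precomputation and key reuse. The PBKDF2 layout (label as the PBKDF2 salt, the SALT prepended to the label, HMAC-SHA1, a small iteration count) and the scaled-down three-digit password space are assumptions chosen so the demonstration runs in well under a second; they are not the page's own derivation.

```python
import hashlib
import math
import os

LABEL = b"MACManagementKey"   # ASCII label the page names for the AMMK derivation
ITERATIONS = 100              # assumption: small so the scaled-down table builds quickly
KEY_BYTES = 16                # 128-bit AES key size


def unsalted_key(password):
    """Derived from the password alone: identical on every network that uses that password."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("ascii"), LABEL, ITERATIONS)[:KEY_BYTES]


def salted_key(password, salt):
    """Same derivation with the NC's SALT mixed in (SALT || label as PBKDF2 salt; assumption)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("ascii"), salt + LABEL, ITERATIONS)[:KEY_BYTES]


def password_strength_bits(digits):
    """Entropy of an all-decimal password: log2(10**digits). 12 digits ~ 40 bits, 17 ~ 56."""
    return digits * math.log2(10)


def precomputation_bits(password_digits, salt_bits):
    """Input space a precomputed static-key table must cover once a SALT is used.
    The SALT is public: it enlarges the table, not the secret an on-line guesser must find."""
    return password_strength_bits(password_digits) + salt_bits


def build_table(digits, derive):
    """Attacker's one-off dictionary, key -> password, over every password of this length."""
    return {derive(str(p).zfill(digits)): str(p).zfill(digits) for p in range(10 ** digits)}


def demo(digits=3):
    victim_password = "7".zfill(digits)             # constructed: "007" in the 3-digit toy space
    table = build_table(digits, unsalted_key)       # built before any target network is seen
    observed = unsalted_key(victim_password)        # as recovered from a captured admission key
    salt = os.urandom(12)                           # the 96-bit SALT an NC would hand out
    return {
        "table_size": len(table),
        "recovered_unsalted": table.get(observed),                         # instant: "007"
        "recovered_salted": table.get(salted_key(victim_password, salt)),  # None
        "bits_12_digits": round(password_strength_bits(12)),               # 40
        "precompute_bits_12_96": round(precomputation_bits(12, 96)),       # 136
    }
```

Running `demo()` recovers the unsalted victim password from a single table lookup and finds nothing for the salted key; the two bit counts at the end are the page's own arithmetic (12 digits is about 40 bits, plus a 96-bit SALT gives about 136 bits of precomputation input).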
Summary of the invention
According to various embodiments of the disclosed method and apparatus, a node on the network (also referred to as a network device) is programmed to obtain a "SALT" for the network and to combine the SALT with the node's password (and in some cases with other data or information) to create one or more static keys for the network. In one embodiment of the disclosed method and apparatus, the SALT is a random number generated by the NC. The static keys are then used to obtain the dynamic keys, which are used for network communication after admission.
According to some embodiments, a method performs the following functions to allow an NN to be admitted to a communication network having a network coordinator (NC) node and a plurality of associated network nodes. For the purposes of this disclosure, an NN is defined as a node requesting admission to the network. These functions comprise:
(1) the NN sends a SALT request to the NC (those skilled in the art will understand that in some MoCA networks the SALT is sent in response to a discovery request sent by the NN);
(2) the NN receives the SALT from the NC, where in some embodiments the SALT is a random number generated by the NC;
(3) the NN combines the SALT with its network password to calculate at least one static key;
(4) the NN carries out the network admission procedure using the static key;
(5) the NN requests dynamic keys, the request being encrypted with at least one static key;
(6) the NN receives the requested dynamic keys, which are encrypted with at least one of the static keys; and
(7) after receiving the dynamic keys, the NN sends messages to other network nodes, encrypting them with the dynamic keys.
In one embodiment, the SALT is the same for all nodes seeking admission to the network. In addition, the password determined by the network user is used throughout the network. The same static keys can therefore be used in the admission process of all nodes seeking admission to the network. The static keys are calculated by applying the process known as "RFC2898/PKCS#5" (as defined by RSA Laboratories). The RFC2898/PKCS#5 process performs its calculation over the SALT value, the network password and an encoded string. In one example, the encoded string is the ASCII value of the phrase "MACManagementKey" or the ASCII value of the phrase "PrivacyManagementKey". That is, the string is the literal ASCII value of each letter "M", "A", "C", and so on.
Alternatively, the SALT and network password can be combined to generate the static keys using any combination of a number of digital functions, including hashing the SALT together with the network password and/or the encoded string to calculate the static keys.
In addition to the NN calculating the static keys, the NC can also combine the SALT and network password to calculate the static keys the NC uses for communication with the NN during or after admission.
It should be clear from the above description that one embodiment of a system for carrying out the above operations comprises an NC. This NC preferably has a processor. In addition, the NC has computer-executable program code embodied on a computer-readable medium. The executable program code is configured so that, when executed by the NC, it causes the NC to perform the operations described above.
The system further comprises an NN. The NN comprises a processor. In addition, the NN has computer-executable program code embodied on a computer-readable medium. The executable program code is configured so that, when executed by the NN, it causes the NN to perform the operations described above.
Other features and aspects of the disclosed method and apparatus will become apparent from the following detailed description taken in conjunction with the accompanying drawings, which illustrate, by way of example, features in accordance with the disclosed method and apparatus. This summary is not intended to limit the scope of the claimed invention, which is defined solely by the appended claims.
Brief description of the drawings
One or more embodiments of the disclosed method and apparatus are described in detail with reference to the following figures. The figures are provided only to illustrate and describe typical or particular embodiments of the disclosed method and apparatus. They are provided to aid the reader's understanding of the disclosed method and apparatus and should not be construed as limiting the breadth, scope or applicability of the claimed invention. It should be noted that, for clarity and ease of illustration, these figures are not necessarily drawn to scale.
Fig. 1 shows an example of an environment in which some embodiments of the disclosed method and apparatus can operate.
Fig. 2 is a schematic diagram illustrating a conventional process for admitting a node using encryption.
Fig. 3 is a schematic diagram illustrating an example node admission process according to an embodiment of the systems and methods described herein.
Fig. 4 is a schematic diagram illustrating an example message flow for obtaining static keys according to an embodiment of the systems and methods described herein.
Fig. 5 is a flowchart illustrating a process for obtaining dynamic keys according to an embodiment of the systems and methods described herein.
Fig. 6 shows an example key change procedure for the AES Privacy Management Key (APMK) and the AES Traffic Encryption Key (ATEK).
Fig. 7 is a schematic diagram illustrating an NC-initiated ripple mechanism according to an embodiment of the systems and methods described herein.
Fig. 8 shows an example computing module that can be used to implement various features of embodiments of the disclosed method and apparatus.
Detailed description
In one embodiment of the disclosed method and apparatus, and similarly to networks operating under MoCA 1.x and MoCA 2.0, once a node (also referred to as a network device) has been admitted there are always four encryption keys used to gain admission and to communicate. These four keys are listed in Table 1. There are two static keys and two dynamic keys.
Table 1: Encryption keys
In one embodiment, the two static keys are used as admission keys. They are called "static" because they are based on the network password and a persistent SALT, and a static key does not change unless the password or the SALT changes. The first static key is the AES MAC Management Key ("AMMK") and the second is the initial AES Privacy Management Key ("APMKInitial").
In such an embodiment, the two "dynamic" keys change periodically to strengthen the security of the network. The first dynamic key is called the AES Privacy Management Key ("APMK"). The second dynamic key is called the AES Traffic Encryption Key ("ATEK").
The AMMK is used to encrypt MAC control messages other than link privacy messages. During the admission process, APMKInitial is used to encrypt link privacy messages. Link privacy messages include the messages that deliver the dynamic keys to the NN during admission. For the purposes of this disclosure, an NN is defined as a node requesting admission to the network.
The admission process may be carried out at initialization (for example when power is first applied, after a reset, or after a power cycle) or when a node in the network loses synchronization with the NC. According to one embodiment, if the dynamic keys held by a node and by the NC become unsynchronized for any reason, the NC drops the node from the network. The node must then be re-admitted to the network using the static keys.
After admission and during normal network operation, the ATEK is used to encrypt data traffic. In addition, in normal network operation, after a node has been admitted, the APMK is used to encrypt link privacy messages.
According to various embodiments of the disclosed method and apparatus, a node seeking admission to the network starts the admission process by sending a SALT request. In one such embodiment, the SALT is requested by sending a discovery request; that is, the SALT is sent to the NN in response to the NN's discovery request. In one embodiment, the SALT is a 96-bit random value generated by the NC, although other lengths can be chosen. This random string is used as the SALT for all network admissions. The random string can be generated by one or more well-known mechanisms; for example, a pseudo-random number generator module can be used to generate a sequence of numbers determined by a small set of initial values.
The SALT preferably does not change except when the network re-forms, for example if all nodes of the network suffer a power outage at the same time. When the network re-forms, a new persistent SALT can be generated. Using a persistent SALT means that the NC does not need to recompute the static keys each time a node requests admission. In one embodiment, the SALT is generated before the network forms. Alternatively, the NC can generate the SALT once the network initially forms and then keep the SALT value in memory for use when additional nodes request admission to the network. In some cases the network is considered to have initially formed when a second node is placed on the communication medium (for example, connected to the coaxial cable serving as the communication medium). The request to join the network from the second node (the first node to request admission after the NC is established) therefore starts the process of obtaining a SALT for the network.
In one embodiment, the NN can also send the SALT request in the form of a "discovery request". In such an embodiment the request is sent to the network coordinator node (NC). The NC provides the SALT to the requesting node in a discovery response message (sent by the NC to the requesting node). Alternatively, the NC can distribute the SALT during mixed-mode operation, as described in more detail below. Alternatively, the SALT can be distributed to nodes in the network by any available message transfer between the node and the NC.
Once the SALT is obtained, it is combined with the requesting node's password to create the static keys. In one embodiment an ASCII string is also used to generate the static keys. Details of static key generation are provided below. Once the static keys have been generated, they can be used to encrypt the messages transmitted between the NN and the NC during the admission process. In addition, after the admission process has completed, the AMMK is used to encrypt MAC control messages (other than privacy messages). The result of the admission process is that the dynamic keys required for ongoing secure communication are obtained. It will be appreciated that other processes and functions take place during the admission process that are unrelated to the disclosed method and apparatus for generating static keys. Once the dynamic keys have been obtained, all network communication can be encrypted with the dynamic keys or the AMMK.
As noted above, it is very important to provide as secure a network as possible. Ensuring strong static keys helps to keep the network secure. Therefore, in one embodiment, a solution is provided that increases key strength without increasing the password length. In one embodiment, the password length is 10 to 17 decimal digits, equivalent to 40 to 56 bits. As noted above, in one embodiment the SALT is 96 random bits, although other lengths can be chosen. The nominal length of the key space of the static keys (derived from the password and the SALT) is therefore at least 136 (40 + 96) bits, which is greater than the 128-bit AES key. The initial value calculated for the static key is then shortened to fit the 128-bit AES key space. It will be appreciated that the password length can be increased to strengthen the keys further, according to the security goals of the system.
Fig. 3 illustrates an example of the process carried out by an NN 303 (shown in Fig. 4) that is not currently a member of the network. Fig. 4 is a schematic diagram illustrating an example message flow for obtaining static keys according to an embodiment of the systems and methods described herein. For NN 303 to be admitted to the network, NN 303 must obtain the network password (step 160). In one embodiment the user must enter the network password. Alternatively, in some embodiments, the network password can be obtained by an automatic configuration process in which, once NN 303 is plugged into the network medium, the user presses a button on both NN 303 and another node (for example the NC). In another alternative embodiment, a near-field communication token is used to allow NN 303 to obtain the password without the user entering it into NN 303. In yet another embodiment, the network password is encoded into NN 303 at the time of manufacture.
In the embodiment shown in Fig. 3, NN 303 connects to the network medium (step 162). According to the disclosed method and apparatus, NN 303 can obtain the network password before or after connecting to the network. Once connected to the network medium, NN 303 listens for a beacon message 310 (step 164) from the NC 305 of the network currently formed on the medium. Once received, the beacon message 310 indicates to NN 303 when it may send a discovery request 311 (step 166). NN 303 can include a request for an admission time slot in the discovery request 311 (step 168), or defer the request for an admission time slot until after it has examined the information provided by NC 305 in the discovery response 314. In either case, NC 305 schedules the time slot in which NC 305 will send the discovery response 314. The schedule for the discovery response 314 is provided by NC 305 in beacon 312. The request for an admission time slot also causes NC 305 to schedule a time at which NN 303 can send an admission request 318.
NC 305 sends the discovery response 314 at the time indicated in beacon message 312. The discovery response 314 includes the SALT. In addition, if NN 303 asked for information about the network, that information is also included in the discovery response 314. It should be noted that in one embodiment of the disclosed method and apparatus, the SALT is sent to NN 303 whether or not NN 303 requested an admission time slot.
NN 303 receives the discovery response 314 at the time indicated in beacon message 312 and obtains the value of the network SALT from the discovery response 314 (step 170). If NN 303 included a request for an admission time slot in its discovery request 311, a subsequent beacon message 317 will indicate when NC 305 has scheduled NN 303 to send the admission request 318.
The main reason for requesting an admission time slot in the discovery request 311 is to have NC 305 schedule a time at which NN 303 can send the admission request 318. NN 303 uses at least the combination of the network password and the SALT received in step 170 to generate one or more static keys. In one embodiment, NN 303 also uses an ASCII string, in addition to the SALT and the password, to generate the static keys (step 172).
Fig. 5 illustrates the employed processing of embodiment of cutting the disclosed method and apparatus of dynamic key by being used for feelings.As shown in Figure 5, use static keys that access request 318 is encrypted (step 240).In one embodiment, use AMMK.Then, NN 303 receives the beacon message (step 242) with the scheduling that when sends access request 318.Then, transmission access request 318(step 244 in the access time slot of beacon message 317 indicatings).After receiving access request 318, NC 305 sends the mapping 320(step 246 of the information that comprises the state of processing about access).Mapping 320 is sent to other all nodes 307.Yet because NN does not still know form (that is, employed special bit loads), so NN 303 can not receive mapping 320.However, each in other node 307 in the network has this form and can receive mapping 320.
If NN 303 is not included in the request of access time slot in the request of discovery 311, NC 305 will wait for until receive this request before the time of scheduling NN 303 transmission access requests 318 always so.
In case receive access request 318, NC 305 just dispatches and will respond 324 time slot by the access of NC 305 transmission.Then, NC 305 transmitting and scheduling in next beacon message 322.NN 303 receives the beacon message (step 328) with the scheduling that sends access response 324, and this beacon message reminds NN 303 to prepare to receive access response 324.Next, NC 305 sends access response 324 in the time of beacon message 322 indications.NN 303 receives by AMMK(namely, in two static keys one) the access response 324(step 250 of encrypting).
Then, NN 303 receive next indication NN 303 when send confirm that 328(indication NN 303 successfully receives the access response) beacon message 326(step 252).The affirmation 328 that NN 303 will indicate NN 303 to receive the access response is sent to the NC 305(step 254 of being encrypted by AMMK).In an embodiment of the methods and apparatus disclosed, access response 324 is first of some access processing messages of sending between NC 305 and NN 303.In the access process, with the AMMK key in the message that exchanges each is encrypted.After these operations were finished, NN 303 was got permission to enter network.At that time, NN 303 can be sent to the dynamic key request NC 305.In one embodiment, the dynamic key request is by the APMKInitial secret key encryption.NC 350 will respond NN 303 by sending dynamic key.This response is also by APMKInitial secret key encryption (step 256).As mentioned above, dynamic key comprises two pairs of dynamic key.First pair comprises strange APMK and even APMK.Second pair comprises strange ATEK and even ATEK.
Therefore, will use dynamic key or AMMK that all the further message from NN 303 or arrival NN 303 are encrypted (step 258).The key that NC 305 will upgrade frequently is sent to the network node 303,307 that uses APMK.In this way, key is updated and thinks that network provides extra safety measure.
Above example has been described the generation of two static keys: AMMK and APMKInitial.In one embodiment, used the AES key generating function to generate two static keys.This function is accepted three variablees and is returned 128 static keys.Key-function has been used the processing that is called as RFC 2898/PKCS#5 by the definition of RSA laboratory.This processing is derived static keys from the character string N that password P, SALT value S and the ASCII of ASCII coding encodes.
In one embodiment, the static key is computed as follows:
1. T1 = HMAC-SHA-256(P, S || N || INT(1))
2. T2 = HMAC-SHA-256(P, T1)
...
n. Tn = HMAC-SHA-256(P, Tn-1)
n+1. static key = (T1 XOR T2 XOR ... XOR Tn)<0:127>
where:
INT(1) is the 4-byte encoding of the integer 1 with the most significant byte first (that is, "0000 0000 0000 0000 0000 0000 0000 0001");
n is the iteration count of the HMAC-SHA-256 function; PKCS#5 recommends a value of 1000;
<0:127> denotes truncation to the first 128 bits (that is, the AES key is the first 128 bits of the string T1 XOR T2 XOR ... XOR Tn from step n+1);
S || N || INT(1) denotes the concatenation of the values S, N and INT(1) into a single argument;
HMAC-SHA-256(P, X) = SHA-256((P XOR opad) || SHA-256((P XOR ipad) || X));
SHA-256 is the "SHA-2" hash function defined in FIPS 180-2;
ipad is the binary value of 0x36 repeated 64 times (that is, "0011 0110 0011 0110 0011 0110 0011 0110 0011 0110 0011 0110 0011 0110 0011 0110 ..."); and
opad is the binary value of 0x5C repeated 64 times.
As the notation above indicates, HMAC-SHA-256(P, X), as defined in RFC 2104 and FIPS 180-2, is computed by the following steps:
(1) append zeros to the end of P to form a 64-byte string;
(2) XOR (bitwise) the 64-byte string from step (1) with ipad;
(3) append the data stream X to the 64-byte string from step (2);
(4) apply SHA-256 to the stream from step (3);
(5) XOR (bitwise) the 64-byte string from step (1) with opad;
(6) append the SHA-256 result from step (4) to the 64-byte string from step (5);
(7) apply SHA-256 to the stream from step (6) and output the result.
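The derivation above, as an added Python example that is not code from the patent: it computes HMAC-SHA-256 literally by steps (1)-(7), runs the n-step XOR chain and 128-bit truncation, derives AMMK and APMKInitial using the ASCII strings MACManagementKey and PrivacyManagementKey named in the claims, and cross-checks the result against the standard library's PBKDF2-HMAC-SHA256 with S || N as the salt. The password and SALT values are constructed; the function and constant names are this example's own.

```python
import hashlib
import hmac

BLOCK = 64                    # SHA-256 block size in bytes (steps (1), (2), (5))
IPAD = bytes([0x36]) * BLOCK  # 0x36 repeated 64 times
OPAD = bytes([0x5C]) * BLOCK  # 0x5C repeated 64 times

# ASCII strings N used for the two static keys (claims 11, 12, 29 and 31).
AMMK_LABEL = "MACManagementKey"
APMK_INITIAL_LABEL = "PrivacyManagementKey"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hmac_sha256_steps(p: bytes, x: bytes) -> bytes:
    """HMAC-SHA-256(P, X) computed literally by steps (1)-(7) in the text."""
    if len(p) > BLOCK:
        # Step (1) only pads; a password longer than one block is outside
        # the described construction, so refuse it rather than guess.
        raise ValueError("P must be at most 64 bytes")
    k = p + bytes(BLOCK - len(p))                               # (1) zero-pad to 64 bytes
    inner = hashlib.sha256(xor_bytes(k, IPAD) + x).digest()     # (2), (3), (4)
    return hashlib.sha256(xor_bytes(k, OPAD) + inner).digest()  # (5), (6), (7)


def int_be(i: int) -> bytes:
    """INT(i): 4-byte encoding of i, most significant byte first."""
    return i.to_bytes(4, "big")


def static_key(password: str, salt: bytes, label: str, n: int = 1000) -> bytes:
    """T1 = HMAC(P, S||N||INT(1)); Ti = HMAC(P, Ti-1); key = (T1 XOR ... XOR Tn)<0:127>."""
    if n < 1:
        raise ValueError("iteration count n must be at least 1")
    p = password.encode("ascii")
    t = hmac_sha256_steps(p, salt + label.encode("ascii") + int_be(1))
    acc = t
    for _ in range(n - 1):
        t = hmac_sha256_steps(p, t)
        acc = xor_bytes(acc, t)
    return acc[:16]  # <0:127>: the first 128 bits become the AES-128 key


def derive_static_keys(password: str, salt: bytes, n: int = 1000) -> dict:
    """Both static keys of the text from one password and one SALT."""
    return {
        "AMMK": static_key(password, salt, AMMK_LABEL, n),
        "APMKInitial": static_key(password, salt, APMK_INITIAL_LABEL, n),
    }


def matches_pbkdf2(password: str, salt: bytes, label: str, n: int = 1000) -> bool:
    """Cross-check: the text's chain is PBKDF2-HMAC-SHA256 with salt S||N and a
    16-byte output, so it must agree with the standard-library routine."""
    expected = hashlib.pbkdf2_hmac("sha256", password.encode("ascii"),
                                   salt + label.encode("ascii"), n, 16)
    return hmac.compare_digest(static_key(password, salt, label, n), expected)


def hmac_matches_stdlib(p: bytes, x: bytes) -> bool:
    """Cross-check steps (1)-(7) against hmac.new for a key of at most one block."""
    return hmac.compare_digest(hmac_sha256_steps(p, x),
                               hmac.new(p, x, hashlib.sha256).digest())


if __name__ == "__main__":
    # Constructed sample values: a 12-digit password (within the 10 to 17 digit
    # range given in the text) and a 96-bit SALT as an NC would send in a
    # discovery response.
    PASSWORD = "123456789012"
    SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4")
    for name, key in derive_static_keys(PASSWORD, SALT).items():
        print(f"{name}: {key.hex()} ({len(key) * 8} bits)")
    print("PBKDF2 cross-check:", matches_pbkdf2(PASSWORD, SALT, AMMK_LABEL))
```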
When generating the static key, increasing the iteration count n increases the cost of producing a key from the password, with the benefit of making attacks more difficult. For example, setting n to 1000 significantly increases the cost of an exhaustive password search (brute force) while having no noticeable effect on the cost of deriving a single key. In one embodiment, each network node enforces a hardware key-update lockout of at least 1 ms to prevent continuous key updates. Alternatively, there may be no lockout. Assuming a minimum password space of 40 bits, an exhaustive search of the entire password space at 1 ms per attempt takes at least 2^40 ms, which is approximately 35.2 years.
How the dynamic keys are generated depends on the implementation and is not material to the disclosed method and apparatus. Note, however, that the SALT can also be used to generate the dynamic keys.
The system and method described herein can also be used in mixed-mode MoCA networks. A mixed-mode MoCA network is a MoCA network containing both MoCA 1.x (that is, MoCA 1.0 and MoCA 1.1) nodes and MoCA 2.0 nodes. Because MoCA 1.x does not use AES keys or SALT values, it is advantageous to move an upgraded network to MoCA 2.0 operation as far as possible. Therefore, in a mixed-mode MoCA network, when an NC handoff occurs and a MoCA 2.0 node takes over the NC role from a MoCA 1.x node, the MoCA 2.0 NC needs to distribute its permanent SALT to the existing MoCA 2.0 nodes so that they can derive static keys from the SALT and the password without going through the admission procedure. In an established mixed-mode network, the MoCA 2.0 NC distributes the dynamic keys (for example, ATEK and APMK) after initiating the admission process for a new MoCA 2.0 node. However, before a new MoCA 2.0 node is admitted to such a mixed network, the NC must distribute the permanent SALT to the node during the network discovery message exchange.
Fig. 7 is a diagram illustrating an example of the NC-initiated process according to an embodiment of the system and method described herein. As shown in this example, NC 365 distributes a request 342 carrying the permanent SALT to selected MoCA 2.0 nodes in the network. In one embodiment, request 342 is an L2ME request. The MoCA 2.0 node 363 computes the static keys (AMMK and APMKInitial) from the SALT, the network password and the ASCII string; alternatively, only the SALT and the password are used. Node 363 submits its response 344, encrypted with the AMMK. Node 363 and NC 365 then exchange dynamic keys, as shown at 346. The AES encryption flag in the MAP is then enabled, as shown at 348. Future communication between MoCA 2.0 nodes is encrypted with the distributed AES dynamic keys, as shown at 350. In a mixed-mode network, the MoCA 2.0 NC 365 uses the current MoCA 1.x dynamic key (that is, a key generated using DES encryption, as opposed to the AES encryption used for MoCA 2.0 nodes) to distribute the permanent SALT to the group of existing MoCA 2.0 nodes that were admitted by the MoCA 1.x NC.
In the case of "Wave 0", NC 365 specifies which MoCA 2.0 nodes are required to participate. The MoCA 2.0 nodes are indicated using WAVE0_NODEMASK; in one embodiment, each bit of WAVE0_NODEMASK represents one MoCA 2.0 node. Each requested node sends a response frame 344. The fields of the request frame observe the following constraints:
VENDOR_ID = 0x0 (MoCA)
TRANS_TYPE = 0x2 (AES key distribution)
TRANS_SUBTYPE = 0x0 (permanent SALT distribution)
WAVE0_NODEMASK = set to indicate the selected MoCA 2.0 nodes in the MoCA network
MSG_PRIORITY = 0xF0
TXN_LAST_WAVE = 2
L2ME_PAYLOAD = as shown in Table 2
Table 2: L2ME_PAYLOAD of the Wave 0 request L2ME frame (the table is an image in the original and is not reproduced here)
Each node responds to the NC with a response frame according to the following constraints:
RESP_STATUS = bit 0 set to 1
L2ME_PAYLOAD = as defined in Table 3
Table 3: L2ME_PAYLOAD of the permanent SALT distribution response L2ME frame (the table is an image in the original and is not reproduced here)
After the dynamic keys have been successfully distributed, the NC can enable the AES encryption flag in subsequent MAPs.
Referring now to Fig. 8, computing module 400 may represent, for example, the computing or processing capability found in desktop, laptop and notebook computers; hand-held computing devices (PDAs, smart phones, cell phones, palmtops, etc.); mainframes, supercomputers, workstations or servers; or any other type of special-purpose or general-purpose computing device as may be desirable or appropriate for a given application or environment. Computing module 400 may also represent computing capability embedded within or otherwise available to a given device. For example, computing module 400 may be found in electronic devices that include some form of processing capability, such as digital cameras, navigation systems, cellular telephones, portable computing devices, modems, routers, wireless access points (WAPs), terminals and other electronic devices.
Computing module 400 may include, for example, one or more processors, controllers, control modules or other processing devices, such as processor 404. Processor 404 may be implemented using a general-purpose or special-purpose processing engine such as a microprocessor, controller or other control logic. In the illustrated example, processor 404 is connected to a bus 402, although any communication medium can be used to facilitate interaction with other components of computing module 400 or to communicate externally.
Computing module 400 may also include one or more memory modules, referred to herein simply as main memory 408. For example, random access memory (RAM) or other dynamic memory may be used for storing information and instructions to be executed by processor 404. Main memory 408 may also be used for storing temporary variables or other intermediate information during the execution of instructions by processor 404. Computing module 400 may likewise include a read-only memory ("ROM") or other static storage device coupled to bus 402 for storing static information and instructions for processor 404.
Computing module 400 may also include one or more forms of information storage mechanism 410, which may include, for example, a media drive 412 and a storage unit interface 420. Media drive 412 may include a drive or other mechanism to support fixed or removable storage media 414. For example, a hard disk drive, a floppy disk drive, a magnetic tape drive, an optical disk drive, a CD or DVD drive (R or RW), or other removable or fixed media drive may be provided. Accordingly, storage media 414 may include, for example, a hard disk, floppy disk, magnetic tape, cartridge, optical disk, CD or DVD, or other fixed or removable medium that is read by, written to or accessed by media drive 412. As these examples illustrate, storage media 414 may include a computer-usable storage medium having computer software or data stored therein.
In alternative embodiments, information storage mechanism 410 may include other similar instrumentalities for allowing computer programs or other instructions or data to be loaded into computing module 400. Such instrumentalities may include, for example, a fixed or removable storage unit 422 and an interface 420. Examples of such storage units 422 and interfaces 420 include a program cartridge and cartridge interface, a removable memory (for example, a flash memory or other removable memory module) and memory slot, a PCMCIA slot and card, and other fixed or removable storage units 422 and interfaces 420 that allow software and data to be transferred from the storage unit 422 to computing module 400.
Computing module 400 may also include a communications interface 424. Communications interface 424 may be used to allow software and data to be transferred between computing module 400 and external devices. Examples of communications interface 424 include a modem or softmodem, a network interface (such as an Ethernet, network interface card, WiMedia, IEEE 802.XX or other interface), a communications port (such as a USB port, IR port, RS232 port, Bluetooth interface or other port), or other communications interface. Software and data transferred via communications interface 424 are typically carried on signals, which may be electronic, electromagnetic (including optical) or other signals capable of being exchanged by a given communications interface 424. These signals may be provided to communications interface 424 via a channel 428. Channel 428 carries the signals and may be implemented using a wired or wireless communication medium. Some examples of a channel include a coaxial-cable MoCA channel, a phone line, a cellular link, an RF link, an optical link, a network interface, a local or wide area network, and other wired or wireless communications channels.
In this document, the terms "computer program medium" and "computer usable medium" are used to refer generally to physical storage media such as memory 408, storage unit 420 and media 414. These and other various forms of computer program storage media or computer usable storage media may be involved in storing and providing one or more sequences of one or more instructions to a processing device for execution. Such instructions embodied on the medium are generally referred to as "computer program code" or a "computer program product" (which may be grouped in the form of computer programs or other groupings). When executed, such instructions may enable computing module 400 to perform features or functions of the disclosed method and apparatus as discussed herein.
While various embodiments of the disclosed method and apparatus have been described above and illustrated in the figures, it should be understood that they have been presented by way of example only, and not of limitation. It should be understood that the various features, aspects and functionality described in one or more of the individual embodiments are not limited in their applicability to the particular embodiment with which they are described, but instead can be applied, alone or in various combinations, to one or more of the other embodiments of the disclosed method and apparatus, whether or not such embodiments are described and whether or not such features are presented as being part of a described embodiment. In addition, a multitude of different constituent module names other than those depicted herein can be applied to the various partitions. Additionally, with regard to flow diagrams, operational descriptions and method claims, the order in which the steps are presented herein shall not mandate that various embodiments be implemented to perform the recited functionality in the same order unless the context dictates otherwise. Accordingly, the breadth and scope of the claimed invention should not be limited by any of the above-described embodiments, which are provided by way of illustration only.
Terms and phrases used in this document, and variations thereof, unless otherwise expressly stated, should be construed as open-ended rather than limiting. As examples of the foregoing: the term "including" should be read as meaning "including, without limitation" or the like; the term "example" is used to provide illustrative instances of the item under discussion, not an exhaustive or limiting list thereof; and the terms "a" or "an" should be read as meaning "at least one", "one or more" or the like. Likewise, where this document refers to technologies that would be apparent or known to one of ordinary skill in the art, such technologies encompass those apparent or known to the skilled artisan now or at any time in the future.
As used herein, the term "module" may describe a given unit of functionality that can be performed in accordance with one or more embodiments of the disclosed method and apparatus. As used herein, a module may be implemented using any form of hardware, software, or a combination thereof. For example, one or more processors, controllers, ASICs, PLAs, PALs, CPLDs, FPGAs, logical components, software routines or other mechanisms may be implemented to make up a module. In implementation, the various modules described herein may be implemented as discrete modules, or the functions and features described may be shared in part or in total among one or more modules. In other words, as would be apparent to one of ordinary skill in the art after reading this description, the various features and functionality described herein may be implemented in any given application and may be implemented in one or more separate or shared modules in various combinations and permutations.
Where components or modules of the disclosed method and apparatus are implemented in whole or in part using software, in one embodiment these software elements can be implemented to operate with a computing or processing module capable of carrying out the functionality described with respect thereto. One such example computing module is shown in Fig. 8. Various embodiments are described in terms of this example computing module 400. After reading this description, it will become apparent to a person skilled in the relevant art how to implement the disclosed method and apparatus using other computing modules or architectures.

Claims (34)

1. A method for determining keys in a communication network having a network coordinator (NC) and a plurality of associated network nodes, the method comprising:
a) a new node (NN) sending a SALT request to the NC;
b) the NN receiving the SALT from the NC;
c) the NN combining the SALT with its network password to compute a static key, thereby gaining admission to the network.
2. The method of claim 1, further comprising the NN submitting a key request requesting at least one dynamic key, the NN encrypting the request using at least one static key.
3. The method of claim 1, wherein the SALT request is in the form of a discovery request.
4. The method of claim 1, further comprising the NN receiving a key response containing at least one dynamic key, wherein the key response is encrypted using the static key.
5. The method of claim 1, further comprising the NN sending messages to other network nodes after receiving the dynamic key, the messages being encrypted using the dynamic key.
6. The method of claim 1, wherein the SALT is the same for a plurality of nodes seeking admission to the network, the plurality of nodes have the same password, and the static key remains unchanged for the admission of the plurality of nodes.
7. The method of claim 1, wherein the static key comprises an initial privacy management key.
8. The method of claim 7, further comprising the NN computing a second static key, wherein the second static key is a MAC management key.
9. The method of claim 1, wherein the dynamic key comprises a dynamic privacy management key, and wherein the method further comprises the NN receiving an updated dynamic key from the NC after being admitted to the network, the updated key being encrypted using the current dynamic privacy management key.
10. The method of claim 1, wherein the NN combining the SALT with its network password to compute the static key comprises using RFC 2898/PKCS#5 to derive the static key from the network password, the SALT and an encoded string.
11. The method of claim 10, wherein the encoded string comprises the ASCII-encoded string MACManagementKey.
12. The method of claim 10, wherein the encoded string comprises the ASCII-encoded string PrivacyManagementKey.
13. The method of claim 1, wherein the combining in operation c) comprises hashing the network password together with the SALT and the encoded string to compute the static key.
14. The method of claim 1, wherein the strength of the computed static key is 128 bits.
15. The method of claim 1, further comprising the NC combining the SALT and the network password to compute the static key to be used by the NC for communicating with the NN.
16. A network node comprising:
a) a processor; and
b) a computer-readable medium having computer-executable program code thereon, the executable program code being configured to cause the network node to:
i) send a SALT request to a network coordinator (NC);
ii) receive the SALT from the NC, wherein the SALT is a random number generated by the NC;
iii) combine the SALT with its network password to compute a static key; and
iv) submit a key request requesting a dynamic key to the network coordinator, wherein the NN encrypts the key request using the static key.
17. The network node of claim 16, wherein the SALT request is in the form of a discovery request.
18. A network node comprising:
a) a processor; and
b) a computer-readable medium having computer-executable program code thereon, the executable program code being configured to cause the network node to:
i) send a SALT request to an NC;
ii) receive the SALT from the NC;
iii) combine the SALT with its network password to compute a static key;
iv) submit an admission request to the NC, wherein the admission request is encrypted using the static key;
v) request a dynamic key, wherein the dynamic key request is encrypted using the static key.
19. The network node of claim 18, wherein the SALT request exists in the form of a discovery request.
20. The network node of claim 18, wherein the SALT is a random number generated by the NC.
21. The network node of claim 18, wherein the executable program code is further configured to cause the network node to receive the requested dynamic key, wherein the received dynamic key is encrypted using the static key.
22. The network node of claim 18, wherein the executable program code is further configured to cause the network node to send messages to other network nodes after receiving the dynamic key, the messages being encrypted using the dynamic key.
23. The network node of claim 18, wherein the SALT is the same for a plurality of nodes seeking admission to the network, the plurality of nodes have the same password, and the static key remains unchanged for the admission of the plurality of nodes.
24. The network node of claim 18, wherein the executable program code is further configured to cause the network node to compute a second static key, wherein the static keys comprise an initial privacy management key and a MAC management key.
25. The network node of claim 18, wherein the static key comprises an initial privacy management key.
26. The network node of claim 18, wherein the dynamic key comprises a dynamic privacy management key, and wherein the executable program code is further configured to cause the network node to receive an updated dynamic key from the NC after being admitted to the network, the updated key being encrypted using the current dynamic privacy management key.
27. The network node of claim 18, wherein the operation of the network node combining the SALT with its network password to compute the static key comprises using RFC 2898/PKCS#5 to derive the static key from the network password, the SALT and an encoded string.
28. The network node of claim 18, wherein the strength of the computed static key is 128 bits.
29. The network node of claim 18, wherein the encoded string comprises the ASCII-encoded string "MACManagementKey".
30. The network node of claim 18, wherein a second static key is generated.
31. The network node of claim 30, wherein the second static key is the ASCII-encoded string "PrivacyManagementKey".
32. The network node of claim 18, wherein the combining in operation c) comprises hashing the network password together with the SALT and the encoded string to compute the static key.
33. The network node of claim 18, wherein the executable program code is configured to cause the NC to combine the SALT and the network password to compute the static key to be used by the NC for communicating with the network node.
34. A method for generating network security keys, comprising:
a) switching the network coordinator function to a node capable of generating a SALT; and
b) distributing the SALT to those nodes in the network that can use the SALT to generate security keys.
CN2011800312436A 2010-06-22 2011-06-17 Secure node admission in a communication network Pending CN102948128A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/820,382 2010-06-22
US12/820,382 US8699704B2 (en) 2010-01-13 2010-06-22 Secure node admission in a communication network
PCT/US2011/040838 WO2011163073A1 (en) 2010-06-22 2011-06-17 Secure node admission in a communication network

Publications (1)

Publication Number Publication Date
CN102948128A true CN102948128A (en) 2013-02-27

Family

ID=44259428

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011800312436A Pending CN102948128A (en) 2010-06-22 2011-06-17 Secure node admission in a communication network

Country Status (6)

Country Link
US (4) US8699704B2 (en)
EP (1) EP2586180A4 (en)
JP (1) JP2013539248A (en)
KR (1) KR20130111960A (en)
CN (1) CN102948128A (en)
WO (1) WO2011163073A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105262662A (en) * 2014-07-09 2016-01-20 美国博通公司 Device pairing method and communication device
CN110474928A (en) * 2019-09-26 2019-11-19 凌云天博光电科技股份有限公司 The encryption method of data transmission set, apparatus and system
CN111052253A (en) * 2017-08-28 2020-04-21 维萨国际服务协会 Layered recording network
CN113553362A (en) * 2021-09-17 2021-10-26 国网浙江省电力有限公司 Carbon energy consumption monitoring method and device based on consensus mechanism and storage medium

Families Citing this family (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9148409B2 (en) 2005-06-30 2015-09-29 The Chamberlain Group, Inc. Method and apparatus to facilitate message transmission and reception using different transmission characteristics
US8422667B2 (en) 2005-01-27 2013-04-16 The Chamberlain Group, Inc. Method and apparatus to facilitate transmission of an encrypted rolling code
USRE48433E1 (en) 2005-01-27 2021-02-09 The Chamberlain Group, Inc. Method and apparatus to facilitate transmission of an encrypted rolling code
US8863249B2 (en) * 2010-12-30 2014-10-14 Broadcom Corporation Push button configuration of multimedia over coax alliance (MoCA) devices
US20130291083A1 (en) * 2011-05-31 2013-10-31 Feitian Technologiesco., Ltd Wireless smart key device and signing method thereof
US9369448B2 (en) * 2011-06-01 2016-06-14 Broadcom Corporation Network security parameter generation and distribution
EP2547140A1 (en) * 2011-07-11 2013-01-16 Koninklijke Philips Electronics N.V. Method for configuring a node
US10084818B1 (en) 2012-06-07 2018-09-25 Amazon Technologies, Inc. Flexibly configurable data modification services
US10075471B2 (en) 2012-06-07 2018-09-11 Amazon Technologies, Inc. Data loss prevention techniques
US9286491B2 (en) 2012-06-07 2016-03-15 Amazon Technologies, Inc. Virtual service provider zones
US9590959B2 (en) 2013-02-12 2017-03-07 Amazon Technologies, Inc. Data security service
US9705674B2 (en) 2013-02-12 2017-07-11 Amazon Technologies, Inc. Federated key management
US9547771B2 (en) 2013-02-12 2017-01-17 Amazon Technologies, Inc. Policy enforcement with associated data
US10210341B2 (en) * 2013-02-12 2019-02-19 Amazon Technologies, Inc. Delayed data access
US10467422B1 (en) 2013-02-12 2019-11-05 Amazon Technologies, Inc. Automatic key rotation
US9608813B1 (en) 2013-06-13 2017-03-28 Amazon Technologies, Inc. Key rotation techniques
US9300464B1 (en) 2013-02-12 2016-03-29 Amazon Technologies, Inc. Probabilistic key rotation
US10211977B1 (en) 2013-02-12 2019-02-19 Amazon Technologies, Inc. Secure management of information using a security module
US9367697B1 (en) 2013-02-12 2016-06-14 Amazon Technologies, Inc. Data security with a security module
US9106412B2 (en) * 2013-03-08 2015-08-11 Mcafee, Inc. Data protection using programmatically generated key pairs from a master key and a descriptor
US20150142670A1 (en) * 2013-11-20 2015-05-21 Sue Zloth Systems and methods for software based encryption
US9871892B2 (en) * 2014-01-30 2018-01-16 Entropic Communications, Llc USB to coax bridge
US9397835B1 (en) 2014-05-21 2016-07-19 Amazon Technologies, Inc. Web of trust management in a distributed system
US10523687B2 (en) * 2014-05-21 2019-12-31 Entropic Communications, Llc Method and apparatus for supporting sub networks in a MoCA network
US9438421B1 (en) 2014-06-27 2016-09-06 Amazon Technologies, Inc. Supporting a fixed transaction rate with a variably-backed logical cryptographic key
US9819698B2 (en) 2014-07-24 2017-11-14 Maxlinear, Inc. Method and apparatus for MoCA network with protected set-up
US11695804B2 (en) 2014-07-24 2023-07-04 Entropic Communications, LLC Method and apparatus for MoCA network with protected set-up
US9647817B2 (en) * 2014-09-17 2017-05-09 Maxlinear, Inc. Method and apparatus for MoCA network with protected set-up
US10075333B2 (en) * 2014-08-12 2018-09-11 Maxlinear, Inc. Method and apparatus for admission to a MoCA network
US10285116B2 (en) * 2014-08-12 2019-05-07 Maxlinear, Inc. Method and apparatus for pre-admission messaging in a MoCA network
US10284386B2 (en) * 2014-08-28 2019-05-07 Maxlinear, Inc. Method and apparatus for providing a high security mode in a network
US9866392B1 (en) 2014-09-15 2018-01-09 Amazon Technologies, Inc. Distributed system web of trust provisioning
US10079808B2 (en) * 2014-11-17 2018-09-18 Avago Technologies General Ip (Singapore) Pte. Ltd. Security in mixed networks
US9774451B2 (en) * 2015-02-10 2017-09-26 Qualcomm Incorporated Using secure elements to authenticate devices in point-to-point communication
US10469477B2 (en) 2015-03-31 2019-11-05 Amazon Technologies, Inc. Key export techniques
JPWO2016181586A1 (en) * 2015-05-08 2018-02-22 Panasonic Intellectual Property Corporation of America Authentication method and authentication system
CN112560007A (en) * 2015-05-08 2021-03-26 松下电器(美国)知识产权公司 Authentication method, authentication system and controller
JP6621003B2 (en) * 2015-05-08 2019-12-18 パナソニックIpマネジメント株式会社 Authentication method, authentication system, and controller
EP4017212A1 (en) * 2015-05-21 2022-06-22 Andrew Wireless Systems GmbH Synchronizing multiple-input/multiple-output signals in telecommunication systems
US20180234407A1 (en) * 2017-02-14 2018-08-16 Quanta Computer Inc. Method for securely exchanging link discovery information
US10362025B2 (en) 2017-03-07 2019-07-23 International Business Machines Corporation Securely sharing confidential information in a document
US10652743B2 (en) 2017-12-21 2020-05-12 The Chamberlain Group, Inc. Security system for a moveable barrier operator
US11074773B1 (en) 2018-06-27 2021-07-27 The Chamberlain Group, Inc. Network-based control of movable barrier operators for autonomous vehicles
US11423717B2 (en) 2018-08-01 2022-08-23 The Chamberlain Group Llc Movable barrier operator and transmitter pairing over a network
US11343672B2 (en) 2019-02-20 2022-05-24 Coretigo Ltd. Secure communication encryption and decryption mechanism in a wireless communication system
US10997810B2 (en) 2019-05-16 2021-05-04 The Chamberlain Group, Inc. In-vehicle transmitter training
US11570180B1 (en) * 2021-12-23 2023-01-31 Eque Corporation Systems configured for validation with a dynamic cryptographic code and methods thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1694451A (en) * 2004-10-29 2005-11-09 北京航空航天大学 Distribution network system monitoring protocol
US20070220134A1 (en) * 2006-03-15 2007-09-20 Microsoft Corporation Endpoint Verification Using Call Signs
CN101222772A (en) * 2008-01-23 2008-07-16 西安西电捷通无线网络通信有限公司 Wireless multi-hop network authentication access method based on ID
US20080178252A1 (en) * 2007-01-18 2008-07-24 General Instrument Corporation Password Installation in Home Networks
CN101232378A (en) * 2007-12-29 2008-07-30 西安西电捷通无线网络通信有限公司 Authentication accessing method of wireless multi-hop network

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1295436B1 (en) 2000-06-28 2013-11-27 Broadcom Corporation Multi-mode controller
US7280658B2 (en) * 2001-06-01 2007-10-09 International Business Machines Corporation Systems, methods, and computer program products for accelerated dynamic protection of data
US7506058B2 (en) * 2001-12-28 2009-03-17 International Business Machines Corporation Method for transmitting information across firewalls
US6880079B2 (en) * 2002-04-25 2005-04-12 Vasco Data Security, Inc. Methods and systems for secure transmission of information using a mobile device
JP2004040273A (en) * 2002-07-01 2004-02-05 Cosmo:Kk Data security maintaining method and apparatus in network camera, home gateway, and home automation apparatus
EP1618701B1 (en) * 2003-04-16 2011-01-05 TELEFONAKTIEBOLAGET LM ERICSSON (publ) Authentication method
US7581100B2 (en) * 2003-09-02 2009-08-25 Authernative, Inc. Key generation method for communication session encryption and authentication system
US7747862B2 (en) * 2004-06-28 2010-06-29 Intel Corporation Method and apparatus to authenticate base and subscriber stations and secure sessions for broadband wireless networks
JP2007104310A (en) * 2005-10-04 2007-04-19 Hitachi Ltd Network device, network system, and key updating method
CN101001261B (en) * 2006-01-09 2010-09-29 华为技术有限公司 Communication method of MIPv6 moving node
US7936878B2 (en) * 2006-04-10 2011-05-03 Honeywell International Inc. Secure wireless instrumentation network system
KR101566171B1 (en) 2007-03-09 2015-11-06 삼성전자 주식회사 Method and apparatus for digital rights management
US7936701B2 (en) 2007-04-07 2011-05-03 Entropic Communications, Inc. Frequency scanning to form a communication network
CN101232419B (en) * 2008-01-18 2010-12-08 西安西电捷通无线网络通信股份有限公司 Wireless local area network access method based on primitive
PL2248317T3 (en) * 2008-02-25 2019-01-31 Nokia Solutions And Networks Oy Secure bootstrapping architecture method based on password-based digest authentication
CA2638134A1 (en) * 2008-07-21 2010-01-21 Randy Kuang Multi-dimensional cryptography
US9112717B2 (en) * 2008-07-31 2015-08-18 Broadcom Corporation Systems and methods for providing a MoCA power management strategy
WO2010074993A1 (en) * 2008-12-15 2010-07-01 Entropic Communications, Inc. Receiver determined probe

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1694451A (en) * 2004-10-29 2005-11-09 北京航空航天大学 Distribution network system monitoring protocol
US20070220134A1 (en) * 2006-03-15 2007-09-20 Microsoft Corporation Endpoint Verification Using Call Signs
US20080178252A1 (en) * 2007-01-18 2008-07-24 General Instrument Corporation Password Installation in Home Networks
CN101232378A (en) * 2007-12-29 2008-07-30 西安西电捷通无线网络通信有限公司 Authentication accessing method of wireless multi-hop network
CN101222772A (en) * 2008-01-23 2008-07-16 西安西电捷通无线网络通信有限公司 Wireless multi-hop network authentication access method based on ID

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105262662A (en) * 2014-07-09 2016-01-20 美国博通公司 Device pairing method and communication device
CN105262662B (en) * 2014-07-09 2018-09-14 安华高科技通用Ip(新加坡)公司 Device matching method and communication device
CN111052253A (en) * 2017-08-28 2020-04-21 维萨国际服务协会 Layered recording network
US11777730B2 (en) 2017-08-28 2023-10-03 Visa International Service Association Layered recording networks
CN111052253B (en) * 2017-08-28 2023-10-27 维萨国际服务协会 Layered recording network
CN110474928A (en) * 2019-09-26 2019-11-19 凌云天博光电科技股份有限公司 The encryption method of data transmission set, apparatus and system
CN113553362A (en) * 2021-09-17 2021-10-26 国网浙江省电力有限公司 Carbon energy consumption monitoring method and device based on consensus mechanism and storage medium

Also Published As

Publication number Publication date
US8699704B2 (en) 2014-04-15
US20180295117A1 (en) 2018-10-11
EP2586180A1 (en) 2013-05-01
US20110173435A1 (en) 2011-07-14
US9300468B2 (en) 2016-03-29
KR20130111960A (en) 2013-10-11
JP2013539248A (en) 2013-10-17
US20160261572A1 (en) 2016-09-08
WO2011163073A1 (en) 2011-12-29
US10594672B2 (en) 2020-03-17
US9906508B2 (en) 2018-02-27
US20140169558A1 (en) 2014-06-19
EP2586180A4 (en) 2015-08-12

Similar Documents

Publication Publication Date Title
CN102948128A (en) Secure node admission in a communication network
EP1832082B1 (en) Enforcing network cluster proximity requirements
US7835525B2 (en) Cryptographic method using dual encryption keys and a wireless local area network (LAN) system therefor
KR100895462B1 (en) Contents distribution management method in a digital distribution management system
EP2267628A2 (en) Token passing technique for media playback devices
US7734922B2 (en) Method, system and terminal apparatus for enabling content to be reproduced in multiple terminals
JPH11509075A (en) Using an encryption server to encrypt messages
WO2001041353A2 (en) Method and apparatus for sending encrypted electronic mail through a distribution list exploder
JP2002290418A (en) Radio device
US20070124313A1 (en) Method and apparatus for secure digital content distribution
CN109005032B (en) Routing method and device
CN102984045A (en) Access method of Virtual Private Network and Virtual Private Network client
WO2022160124A1 (en) Service authorisation management method and apparatus
CN109981287A (en) A kind of code signature method and its storage medium
WO2018186543A1 (en) Data encryption method and system using device authentication key
CN114040411B (en) Equipment binding method and device, electronic equipment and storage medium
CN112423302B (en) Wireless network access method, terminal and wireless access equipment
CN112235290B (en) Block chain-based Internet of things equipment management method and first Internet of things equipment
CN111768189B (en) Charging pile operation method, device and system based on block chain
RU2005118424A (en) ASYNCHRONOUS COMMUNICATION SYSTEM
CN111865869B (en) Registration and authentication method and device based on random mapping, medium and electronic equipment
US8327148B2 (en) Mobile system, service system, and key authentication method to manage key in local wireless communication
CN115473655A (en) Terminal authentication method, device and storage medium for access network
WO2021170049A1 (en) Method and apparatus for recording access behavior
CN113472835A (en) Data reading and uploading method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code
  Ref country code: HK
  Ref legal event code: DE
  Ref document number: 1182552
  Country of ref document: HK
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication
  Application publication date: 20130227
REG Reference to a national code
  Ref country code: HK
  Ref legal event code: WD
  Ref document number: 1182552
  Country of ref document: HK